Vulnerabilities > CVE-2023-49075 - Unspecified vulnerability in Pimcore Admin Classic Bundle

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
pimcore
NVD
Published: 2023-11-28
Updated: 2024-11-21

Summary

The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.

Vulnerable Configurations

Part Description Count
Application
Pimcore
19

References